author: Daiki Ueno <dueno@redhat.com> 2019-07-29 14:01:11 +0200
committer: Daiki Ueno <dueno@redhat.com> 2019-08-08 13:14:46 +0200
commit: 8eb3a29336ea11f6b417ce7e25d53513509bdd87
tree: e2b29005194ac51d83b540c716088fe32358a6ee /lib/includes/gnutls
parent: 3dd0df9e1a499c7b31bf7b4a315e797d2195c1ba
pk: implement deterministic ECDSA/DSA

This exposes the deterministic ECDSA/DSA functionality through the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/includes/gnutls')
-rw-r--r-- lib/includes/gnutls/abstract.h | 5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index d4b7da68b2..d8805681a9 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -371,7 +371,10 @@ int gnutls_privkey_status(gnutls_privkey_t key);
* gnutls_privkey_flags:
* @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed data as in the TLS protocol.
* @GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS: Make an RSA signature on the hashed data with the PSS padding.
- * @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE: Make an RSA-PSS signature on the hashed data with reproducible parameters (zero salt).
+ * @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE: Make a signature on the hashed data with reproducible parameters.
+ * For RSA-PSS, that means to use empty salt instead of random value. For ECDSA/DSA, it uses the deterministic
+ * construction of random parameter according to RFC 6979. Note that
+ * this only supports the NIST curves and DSA subgroup bits up to 512.
* @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, automatically
* release it when the structure it was imported is released.
* @GNUTLS_PRIVKEY_IMPORT_COPY: Copy required values during import.
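Review bot: The new description of GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE states a support limit ("this only supports the NIST curves and DSA subgroup bits up to 512") but does not say what a caller gets when the flag is set on a key outside that limit. For a flag whose purpose is reproducible output, the comment should state explicitly whether signing fails with an error or silently falls back to a random per-signature parameter, since a caller who assumes determinism cannot tell the difference from the signature alone. Two smaller points on the same added lines: the removed text said "zero salt" for RSA-PSS and the new text says "empty salt", so it would help to say "zero-length salt" if that is what is meant; and because the flag previously applied only to RSA-PSS, the comment could note that passing it with an ECDSA or DSA key now changes how the signature is produced.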